一、漏洞信息 漏洞编号:CVE-2023-35829 漏洞归属组件: rkvdec 漏洞归属的版本:kernel 6.3.2 之前 CVSS V3.0分值:7.0 漏洞简述: An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c. NVD Published Date: 06/18/2023 NVD Last Modified: 06/26/2023 漏洞详情参考链接:https://nvd.nist.gov/vuln/detail/CVE-2023-35829 二 漏洞解决 因涉kernel 6.3.2 之前,故cloud Linux kernel 4.19和5.10都需要更新,社区补丁: 1、commit 3228cec23b8b29215e18090c6ba635840190993d git cherry-pick -s 3228cec23b (with linux-stable v5.10.180 repo added)
(In reply to zhujun from comment #0) > 一、漏洞信息 > 漏洞编号:CVE-2023-35829 > 漏洞归属组件: rkvdec > 漏洞归属的版本:kernel 6.3.2 之前 > CVSS V3.0分值:7.0 > 漏洞简述: > An issue was discovered in the Linux kernel before 6.3.2. A use-after-free > was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c. > > NVD Published Date: > 06/18/2023 > NVD Last Modified: > 06/26/2023 > > 漏洞详情参考链接:https://nvd.nist.gov/vuln/detail/CVE-2023-35829 > > 二 漏洞解决 > 因涉kernel 6.3.2 之前,故cloud Linux kernel 4.19和5.10都需要更新,社区补丁: > > 1、commit 3228cec23b8b29215e18090c6ba635840190993d > git cherry-pick -s 3228cec23b (with linux-stable v5.10.180 repo added) 修改如下: 二 漏洞解决 因涉kernel 6.3.2 之前,故cloud Linux kernel 5.10需要更新,社区补丁: 1、commit de19d02d734ef29f5dbd2c12fe810fa960ecd83f git cherry-pick -s de19d02d734 (with linux-stable v5.10.180 repo added) Reference:https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=de19d02d734ef29f5dbd2c12fe810fa960ecd83f
The PR Link: https://gitee.com/anolis/cloud-kernel/pulls/1911
already fixed
*** Bug 7006 has been marked as a duplicate of this bug. ***